CylancePROTECT® convicts payloads that are known to be associated with these attacks. This is a technique known as typosquatting, where the threat actor relies on the victim not noticing that the link they are clicking on is slightly different from the official URL of the site they intend to visit.

BlackBerry Protects Customers from Microsoft Office and Windows HTML Remote Code Execution Vulnerability

BlackBerry has verified that its cybersecurity software, powered by Cylance AI, protects against these vulnerabilities. The fake Ukrainian World Congress site was hosted on a URL that looked almost identical to the real URL: The legitimate domain is, whereas the malicious domain’s URL was ukrainianworldcongressinfo. The spear-phishing emails encouraged their intended victims to click on a link that sent them to a specially crafted replica of the Ukrainian World Congress website, leveraging CVE-2023-36884 to deliver a malicious payload that allows for remote code execution. The infection technique used in the document is RTF exploitation, with outbound connections initiated from the victim’s machine once the target opens the document. Based on BlackBerry's cyberthreat telemetry, network data analysis, and the full set of cyber weapons the team collected, it appears that RomCom ran its first test drills on June 22, and again a few days before the malicious command-and-control (C2) used in this campaign was registered and went live.

As the team dug deeper into this campaign, the BlackBerry researchers found two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad, and a document targeting NATO Summit guests who may also be providing support to Ukraine.
This method is the gateway to many malicious activities, including data exfiltration, credential gathering, and ransoming or stealing information for adversarial intelligence and cyber-espionage purposes.

BlackBerry discovered RomCom’s phishing campaign the week before the NATO Summit and immediately shared this intelligence - including IoCs (indicators of compromise) - with relevant government agencies several days before releasing a public report on July 8. The vulnerability announcement was made by Microsoft three days later, on July 11. When the vulnerability is exploited, an attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution on the victim’s machine once the document is opened. Microsoft has stated it will take appropriate mitigation actions, which may include providing a security update through their monthly release process or providing an out-of-cycle security update. Currently, there is no patch available from Microsoft to mitigate against the attack. federal civilian executive branch (FCEB) agencies to secure Windows devices on their networks against CVE-2023-36884 exploits by Aug. “This is why we are investigating whether Microsoft’s tying of its productivity suites with Teams may be in breach of EU competition rules,” she added. In response to the attacks, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD 22-01), which requires U.S. “Remote communication and collaboration tools like Teams have become indispensable for many businesses in Europe. We must therefore ensure that the markets for these products remain competitive,” said Margrethe Vestager, the EU’s antitrust commissioner. Slack, owned by business software maker Salesforce, alleged that Microsoft was abusing its market dominance to eliminate competition - in violation of EU laws - by illegally combining Teams with its Office suite, which includes Word, Excel and Outlook.
The investigation stems from a complaint filed in 2020 by Slack Technologies, which makes popular workplace messaging software. The European Commission, the 27-nation bloc’s top competition enforcer, said it would carry out its in-depth investigation “as a matter of priority.” BRUSSELS (AP) - The European Union said Thursday that it has opened an antitrust investigation into Microsoft over concerns that bundling its Teams messaging and videoconferencing app with its Office productivity software gives it an unfair edge over competitors.